% THIS IS SIGPROC-SP.TEX - VERSION 3.1
% WORKS WITH V3.2SP OF ACM_PROC_ARTICLE-SP.CLS
% APRIL 2009
%
% It is an example file showing how to use the 'acm_proc_article-sp.cls' V3.2SP
% LaTeX2e document class file for Conference Proceedings submissions.
% ----------------------------------------------------------------------------------------------------------------
% This .tex file (and associated .cls V3.2SP) *DOES NOT* produce:
%       1) The Permission Statement
%       2) The Conference (location) Info information
%       3) The Copyright Line with ACM data
%       4) Page numbering
% ---------------------------------------------------------------------------------------------------------------
% It is an example which *does* use the .bib file (from which the .bbl file
% is produced).
% REMEMBER HOWEVER: After having produced the .bbl file,
% and prior to final submission,
% you need to 'insert'  your .bbl file into your source .tex file so as to provide
% ONE 'self-contained' source file.
%
% Questions regarding SIGS should be sent to
% Adrienne Griscti ---> griscti@acm.org
%
% Questions/suggestions regarding the guidelines, .tex and .cls files, etc. to
% Gerald Murray ---> murray@hq.acm.org
%
% For tracking purposes - this is V3.1SP - APRIL 2009

\documentclass{llncs}
\usepackage{algorithmic}
\usepackage{algorithm}
\usepackage{colortbl}
\usepackage{graphicx}
\usepackage{amsfonts}
\usepackage{multicol}



\begin{document}
\title{Automated Code-based Location Of Policy Enforcement Points}
\author{Yehia ElRakaiby$^1$, Tejeddine Mouelhi$^1$, Donia El Kateb$^2$ \and Yves Le Traon$^1$
%\thanks{Please note that the LNCS Editorial assumes that all authors have used
%the western naming convention, with given names preceding surnames. This determines
%the structure of the names in the running heads and the author index.}%
}
\institute{
$^1$Security, Reliability and Trust Interdisciplinary Research Center, SnT\\
$^2$Laboratory of Advanced Software SYstems (LASSY), \\University of Luxembourg, Luxembourg\\}
\maketitle
\pagestyle{plain} % No headers, just page numbers
\thispagestyle{empty}
\pagenumbering{arabic} % Roman numerals
\setcounter{page}{1}
\begin{abstract}
Access control architecture is composed of policy enforcement points (PEPs), which are in charge of calling the policy decision point (PDP) and to enforce the corresponding policy. Very often, there is no documentation for the location of
 the PEPs inside the code. This is a major threat for secure co-evolution of the code and the access control policy, as well as for software maintenance.
This paper addresses this issue by presenting a new approach for locating and mapping the PEPs inside a code. This approach analyzes the code of an application and combines code static and dynamic analysis to
 locate the PEPs and map every PEP to the set of accesses it controls. The approach has been successfully applied to a case study implementing an access control policy. 
\end{abstract}


\textbf{Keywords: PEP, PDP, Acces Control Policies, Security Test Cases}


%\textit{Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Copyright 20XX ACM X-XXXXX-XX-X/XX/XX ...10.00}



\input{intro}
\input{context}
\input{approach}
\input{experiments}
\input{conclusion}
\bibliographystyle{abbrv}
\bibliography{sigproc} 
%\balancecolumns
\end{document}
